Patching Is Like Putting: Read It, Roll It, and Hole It

Not sure if 20-year-old amateur golfer Francis Quimet would have won the 1913 U.S. Open in Brookline, Massachusetts without the help of his 10-year-old caddy, Eddie Lowery.

As depicted in the 2005 Disney film inspired by Mark Frost’s book The Greatest Game Ever Played: Harry Vardon, Francis Ouimet, and the Birth of Modern Golf, it was Lowery who helped Ouimet stay cool, calm, and collected throughout the pressure-packed tournament.

In one scene, Ouimet, played by Shia LaBeouf, must sink a short putt to stay in contention but his nerves are rattled. The child caddy sidles up to Ouimet and softly encourages him: “You need this for 72. You can do it. Read it, roll it, and hole it.”

Patch management—a different sort of pressure.

Keeping up with the constant stream of security threats and patches is an ongoing drain on IT staff. Failing to keep up with patching requirements means your whole network is at risk.

You must be able to research, evaluate, test, and apply patches across the enterprise easily and automatically. And with most vulnerabilities affecting third-party applications, patching and updating just the operating systems isn’t enough.

Ivanti Patch for Endpoints and Ivanti Patch for SCCM are easy to install and use. You can discover, assess, and remediate thousands of client systems based on policies you define and without saturating your network or disrupting user productivity.

Read it: See and assess your client environment.

Roll it: Patch more systems with fewer network impacts.

Remediate systems anywhere in the world, even those that are remote or in the hands of traveling users, without requiring a VPN connection.

Pre-stage patches locally to the systems that need them, for faster deployment upon approval by your change control board.

Distribute thoroughly tested patches to thousands of machines in minutes with minimal impact on your network.

Import, manage, sync, and deploy all critical patch information using the familiar workflows and features of SCCM.

Patch all devices whether they’re behind the firewall, on the road, at remote sites, or even asleep.

Patch online and offline virtual machines and even hypervisors.

Hole it: Verify patching enterprise-wide.

Set consistent timeframes and schedules for patch deployment and maintenance.

Control when patches are installed and whether to reboot or snooze selected systems after patching.

Specify key processes that don’t get interrupted by patch or update deployment when running in full-screen mode.

Patch systems at the right time and under the right circumstances to protect in silence and avoid disrupting business operations.

For one university, patching goes from a full-time job to one hour a week.

At the University of Pittsburgh’s Financial Information Systems (FIS) department, security depends on patch compliance. FIS supports the business and financial areas of the university and more, including the CFO’s office, payroll, purchasing, general accounting, housing, food services, parking, and transportation.

Within FIS, the Technical Services team supports the IT needs of more than 800 university employees, providing application development, client and server computing, and customer support for anything tech related.

Technical Services stays on top of patches across several hundred applications throughout the department. For the most frequently used applications, updates come out at least every month, if not every week. Technical Services manages all its patch updates centrally via Microsoft System Center Configuration Manager (SCCM).

But for some of its most widely used applications—non-Microsoft software such as Adobe, Java, Apple, Google and Mozilla—the team previously had to detect, build, and test patches manually before deploying them with SCCM.

“We tested and pushed out each one individually,” said Anthony Digregorio, Manager of Client Computing. “For just three to five applications, we could easily log up to 10 hours a week. Across them all, it was almost a full-time job.”

Automating third-party applications with Ivanti Patch for SCCM has freed the team from what seemed like nonstop patching, at times requiring them to work evenings or weekends.

“We’ve always been dedicated to staying protected,” said Rick McIver, Senior Systems Administrator. “Now, it just doesn’t take nearly as much time to stay protected. Updating all applications takes about an hour each week—no matter how many applications need patching.”